Re: qemu-system-ppc64 option -smp 2 broken with commit 20b6643324a79860dcdfe811ffe4a79942bca21e

[Anushree Mathur]

Hi Alex,

On 6/23/23 20:52, Alex Bennée wrote:
> Cédric Le Goater <clg@kaod.org> writes:
>
> > Hello Anushree,
> >
> > On 6/23/23 13:09, Anushree Mathur wrote:
> > > Hi everyone,
> > > I was trying to boot rhel9.3 image with upstream qemu-system-ppc64
> > > -smp 2 option and observed a segfault (qemu crash).
> > > qemu command line used:
> > > qemu-system-ppc64 -name Rhel9.3.ppc64le -smp 2 -m 16G -vga none
> > > -nographic -machine pseries -cpu POWER10 -accel tcg -device
> > > virtio-scsi-pci -drive
> > > file=/home/rh93.qcow2,if=none,format=qcow2,id=hd0 -device
> > > scsi-hd,drive=hd0 -boot c
> > > After doing a git bisect, I found the first bad commit which
> > > introduced this issue is below:
> > Could you please open a gitlab issue on QEMU project ?
> >
> >   https://gitlab.com/qemu-project/qemu/-/issues
> Is it broken generated code that faults or does the goto_tb code break
> the execution sequence in some subtle way further down the line?
>
> If you can isolate the guest address the output from:
>
>    -dfilter 0xBADADDR+0x100 -d in_asm,op,out_asm

I tried as suggested above but didn't get much info collected.

I have shared my observation on the gitlab issue page.

https://gitlab.com/qemu-project/qemu/-/issues/1726


Thanks,

Anushree-Mathur

> would be useful for the bug report. Although conceivably the out_asm
> output might make sense at translation time and then be broken when it
> is patched. Having rr on power would be really useful to debug this sort
> of thing.
>
> > Thanks,
> >
> > C.
> >
> > > [qemu]# git bisect good
> > > 20b6643324a79860dcdfe811ffe4a79942bca21e is the first bad commit
> > > commit 20b6643324a79860dcdfe811ffe4a79942bca21e
> > > Author: Richard Henderson <richard.henderson@linaro.org>
> > > Date:   Mon Dec 5 17:45:02 2022 -0600
> > >       tcg/ppc: Reorg goto_tb implementation
> > >       The old ppc64 implementation replaces 2 or 4 insns, which
> > > leaves a race
> > >       condition in which a thread could be stopped at a PC in the middle of
> > >       the sequence, and when restarted does not see the complete address
> > >       computation and branches to nowhere.
> > >       The new implemetation replaces only one insn, swapping between
> > >               b       <dest>
> > >       and
> > >               mtctr   r31
> > >       falling through to a general-case indirect branch.
> > >       Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> > >       Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> > >    tcg/ppc/tcg-target.c.inc | 152
> > > +++++++++++++----------------------------------
> > >    tcg/ppc/tcg-target.h     |   3 +-
> > >    2 files changed, 41 insertions(+), 114 deletions(-)
> > > [qemu]#
> > > Can someone please take a look and suggest a fix to resolve this
> > > issue?
> > > Thanks in advance.
> > > Regards,
> > > Anushree-Mathur